CyberheistNews Vol 4, # 24 Friday the 13th Crypto Horror Story

KnowBe4
Stu Sjouwerman's New Security Newsletter

Editor's Corner

Friday the 13th Crypto Horror Story

This was written by a tech from an IT service provider (edited for brevity).

"I have a client who refused my suggestions of a versioned, off-site backup system in the past. One of their employees got a 'voice mail' from 'Microsoft Outlook' in a zip file. It infected her PC and crawled the mapped network drive and encrypted all the data on the server. After hours of research we decided to pay the ransom.

"After a nervous 12-hour wait, we rebooted and a window popped up showing us that it was decrypting the network files. About 30 seconds into this, Microsoft Security Essentials finally caught the virus and shut down the whole thing, including the decryption process.

"After spending more hours trying to re-infect the machine but with no luck, I noticed that the CryptoScum had placed our private key on the desktop. I used a Python script that allowed me to decrypt the files manually. The process kept on getting hung up on problem files/directories, so there was a lot of manual intervention. After 5 days and 8-10 hours of manual intervention, we have decrypted almost all of the files (99.9%). The next day he asked me to install off-site versioned backups.

"The charge was 1.2 Bitcoin, which when it happened was around $480-$500. I had a friend with Bitcoin who paid the ransom and said we had 2 weeks to get him the Bitcoin back. By the time I got around to buying some BTC for him, it was $810 for the 1.2 BTC because the value rose in that time."

Moral of the story? BACKUP, BACKUP, BACKUP (regularly test your Restore procedure and make sure that it works) and do step your users through effective Security Awareness Training. Ask for a quote now and be pleasantly surprised how affordable it is. If you get hit with ransomware despite having trained your users, we pay the ransom if you order before June 30. Click on the "Get Your Quote Here" link at the bottom of the page:
http://www.knowbe4.com/we-will-pay-your-crypto-ransom-if-you-get-hit-with-ransomware/
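
A worked illustration of the moral above, added here and not code from the newsletter or from KnowBe4: a Python script that records a SHA-256 manifest of a file share while the data is known good, then checks a restored copy against that manifest. It deliberately keeps going past missing, altered or unreadable files and reports all of them at the end, instead of stopping on every problem file the way the tech's decryption run did. The directory names, file contents and the "restored" tree are constructed for the demo; the backup product and the restore location are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example: verify a restored backup against a hash manifest taken from the
# live file server. All paths and file contents below are constructed for the demo.

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each regular file (relative POSIX path) under root to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_of(path)
    return manifest

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Check a restored tree against the manifest.

    One unreadable or altered file must not abort the whole run, so every
    outcome is recorded under its own bucket and the loop continues.
    """
    report = {"ok": [], "missing": [], "mismatch": [], "error": []}
    for rel, expected in manifest.items():
        target = restored_root / rel
        try:
            if not target.is_file():
                report["missing"].append(rel)
            elif sha256_of(target) != expected:
                report["mismatch"].append(rel)
            else:
                report["ok"].append(rel)
        except OSError as exc:  # permission denied, I/O error, etc.
            report["error"].append(f"{rel}: {exc}")
    return report

def demo() -> dict:
    """Constructed scenario: one good restore, one altered file, one file never restored."""
    with tempfile.TemporaryDirectory() as tmp:
        server = Path(tmp) / "server"
        (server / "finance").mkdir(parents=True)
        (server / "hr").mkdir()
        (server / "finance" / "ledger.xlsx").write_bytes(b"ledger contents (constructed)")
        (server / "hr" / "policy.docx").write_bytes(b"policy text (constructed)")
        (server / "notes.txt").write_bytes(b"meeting notes (constructed)")
        manifest = build_manifest(server)  # taken while the data is known-good

        restored = Path(tmp) / "restored"
        (restored / "finance").mkdir(parents=True)
        (restored / "finance" / "ledger.xlsx").write_bytes(b"ledger contents (constructed)")
        # notes.txt came back as ciphertext-like junk; the hr/ folder never came back at all
        (restored / "notes.txt").write_bytes(b"\x8f\x11encrypted-looking bytes")
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    for status, items in demo().items():
        print(f"{status:8} {len(items):3}  {', '.join(items)}")
```

In practice the manifest would be written to disk alongside (but not only on) the backup media, and a scheduled restore test would run verify_restore against a scratch location; any entry outside the "ok" bucket is the signal that the backup cannot be trusted yet.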

$440,000 Cyberheist Victim Now Needs To Pay Bank's Legal Fees

Talk about adding insult to injury. Brian Krebs has the update; he has been reporting on the legal gray area that arises when the cyber mafia steals hundreds of thousands of dollars out of a company's bank account. A new ruling raises the stakes for cyberheist victims.

NOTE: unlike consumers, who are FDIC insured, companies and non-profits are NOT automatically insured when they are the victim of a cyberheist. Check this with your bank; you need separate cyberinsurance to be covered in case the bad guys empty out your operating account.

A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in a 2010 cyberheist may now be on the hook to cover the financial institution’s legal fees, an appeals court has ruled. Legal experts say the decision is likely to discourage future victims from pursuing such cases.

Choice Escrow and Land Title LLC sued Tupelo, Miss.-based BancorpSouth Inc., after hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer for $440,000 to a corporate bank account in Cyprus. More at:
http://krebsonsecurity.com/2014/06/ruling-raises-stakes-for-cyberheist-victims/

Scam Of The Week: Free World Cup Trip To Brazil

The 2014 FIFA World Cup football (soccer) tournament kicked off last week, and so have phishing campaigns trying to trick you with scams for free tickets, real-time news and online streaming of the games. There are several scams doing the rounds, the most prominent one being all-expense-paid trips to Brazil. Example image on the KnowBe4 Blog:
http://blog.knowbe4.com/bid/388673/Phishing-Scam-Of-The-Week-Free-World-Cup-Trip-To-Brazil

The email subject is "__email___ WON a free ticket to 2014 World Cup", but the email carries a malicious zip file attachment that, if opened, takes over the PC with a remote admin Trojan called DarkComet.

Apart from free tickets, news clips with goals scored and highlights about the teams are also used to make people open up attachments or click on links to infected websites.

One example is an email circulating about Neymar da Silva Junior, a young Brazilian star player. The email contains a malicious word document that exploits a known vulnerability in Microsoft Word.

For KnowBe4 customers: We have taken one of these campaigns and created a template out of it, which you can send to your users. It's in the Current Events section. Happy Phishing!
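
The zip lures in this issue (the "voice mail" in the Editor's Corner story and the World Cup ticket mail above) share one shape: an archive whose member is an executable dressed up as something harmless. As an added illustration, not code from the newsletter or from KnowBe4, of the check a mail gateway or help desk can run before such an attachment reaches a user, this Python script lists the members of a zip and flags executable file types, double extensions such as "VoiceMail.wav.exe", and nested archives. The extension lists and the two sample zips are constructed assumptions for the demo.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Added example: mail-gateway style triage of a zip attachment before delivery.
# The extension lists are constructed choices for this demo, not any product's policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".lnk", ".msi"}
NESTED_ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".cab"}

def inspect_zip_attachment(data: bytes) -> list:
    """Return human-readable findings for a zip blob; an empty list means nothing flagged."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip file"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # zip entries may use backslashes; normalise before taking the basename
            member = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(member).suffixes]
            if not suffixes:
                continue
            if suffixes[-1] in EXECUTABLE_EXTS:
                findings.append(f"executable member: {info.filename}")
                if len(suffixes) > 1:
                    # 'VoiceMail.wav.exe' style: a harmless-looking extension in front of the real one
                    findings.append(f"double extension: {info.filename}")
            elif suffixes[-1] in NESTED_ARCHIVE_EXTS:
                findings.append(f"nested archive: {info.filename}")
    return findings

def build_sample_zip(members: dict) -> bytes:
    """Constructed helper: pack {name: bytes} into an in-memory zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a lure shaped like the ones in this issue, and a clean attachment.
LURE_ZIP = build_sample_zip({
    "VoiceMail.wav.exe": b"placeholder bytes, not a real program",
    "readme.txt": b"Your voice message is attached.",
})
BENIGN_ZIP = build_sample_zip({"report.pdf": b"%PDF-1.4 constructed placeholder"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE_ZIP), ("benign", BENIGN_ZIP)):
        print(label, inspect_zip_attachment(blob) or "clean")
```

Extension checks only catch what the attacker names honestly inside the archive, so this belongs in front of, not instead of, content scanning; its value is that it is cheap, explainable to the user who asked "was that voice mail real?", and quick to quarantine on.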

Quotes of the Week

"You may be disappointed if you fail, but you are doomed if you don’t try." - Beverly Sills - Opera Singer (1929 - 2007)

"Let the refining and improving of your own life keep you so busy that you have little time to criticize others." - H. Jackson Brown, Jr. - Author

"It is never too late to be what you might have been." - George Eliot - Novelist (1819 - 1880)


You can read CyberheistNews online at our Blog!:
http://blog.knowbe4.com/bid/388589/CyberheistNews-Vol-4-23-CryptoWall-Comes-With-Nasty-Twist

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

WEBCAST: How To Cut Audit Time And Audit Cost In Half

Regular Audit cycles are at the very least a pain in the neck, but often a severe disruption of normal IT work. And we are not even speaking of unexpected regulatory audits that may cause hefty fines.

Join KnowBe4 on Tuesday June 24 at 2PM EDT to learn how to automate your compliance workflow so that you first become and then stay compliant, which will cut the normal time and costs needed for your audit cycle in half. You will learn about:

   - Escaping from the Audit Cycle
   - No More Spreadsheet Nightmares
   - Centralizing Audit Evidence
   - Managing Controls Testing

Register for this 30-minute KnowBe4 webcast HERE and plan to be part of the 15-minute online Q & A Session that follows. Hosted by KnowBe4's Brian Jack, CISSP, CEH:
http://info.knowbe4.com/webcast-knowbe4-compliance-manager-kcm

Can You Fix A Human Problem With A Technology Solution?

Let me be clear from the get-go: maybe partially but never 100%. Hundreds of IT security companies have tried and failed, just look at the malware infections you are battling regularly. Moreover, the world of computing is rapidly evolving to where end-users define the boundary of your organization, each one of them individually "being the perimeter".

Human problems need first and foremost education, and when that is done effectively, you have created a change in behavior that can be measured and managed. You have created a "security culture". End-user Security Awareness Training is a very important part of your defense-in-depth, while you also need a myriad of technical controls in place to be secure (and compliant).

The problem is that social engineers are always a step ahead and you need to keep your users on their toes with security top of mind. That means ongoing simulated phishing tests of varying kind so that users at least once a month (twice or three times is better) get exposed to simulated phishing scams like Banking, Social Networking, IT, Government, Online Services, Healthcare, and Current Events.

Now, some security gurus disagree with this position, and Corey Nachreiner over at DARKReading has a great article that looks over the counterarguments and takes them apart. If you think security awareness training is useless, read this article with an open mind and then tell me what you think:
http://www.darkreading.com/operations/dont-let-lousy-teachers-sink-security-awareness/a/d-id/1269529?

Ransomware "Svpeng" Strikes US, Bricks Android Devices

A mobile Trojan called “Svpeng” has now been updated to extort Android users in the U.S., researchers warn.

Discovered last July by Kaspersky, Svpeng was initially used to steal payment card information from Russian bank customers. As of this month, however, a separate version of the malware has been locking up U.S. victims' devices so fraudsters can collect a ransom.

On Wednesday, Roman Unuchek, senior malware analyst at Kaspersky Lab, detailed scammers' new exploits in a blog post.

At the start of the year, Svpeng was modified to offer ransomware capabilities, Unuchek explained. The malware blocked Russian users' devices with messages accusing them of accessing child pornography.

But this summer, a newer iteration of the malware began using a similar hoax against U.S. users.

“At the beginning of June we identified a new spin-off version of the Trojan,” Unuchek wrote in the blog post. “While the main version targeted Russia, 91% of those infected by the new version were in the US. The malware also attacked users in the UK, Switzerland, Germany, India and Russia.”

The ransomware launches a “scan” on victims' devices, then shows them a phony FBI message saying their device was used to visit porn sites. A $200 MoneyPak payment is then demanded to unlock the phone, Unuchek said.

In a Wednesday email to SCMagazine.com, Unuchek explained why Svpeng is a particular nuisance to victims and how it differs from other ransomware such as CryptoLocker.

“It is impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution – the malware will block the device completely, not separate files as CryptoLocker did,” Unuchek wrote. “If it happens to you, you can do almost nothing. The only hope for unlocking the device is if it was already rooted before it was infected. Then it could be unlocked without deleting the data. One more option to remove the Trojan, if your phone wasn't rooted, is to boot into ‘Safe Mode’ and erase all data on the phone only, [since] SIM and SD cards will stay untouched and uninfected.”

In addition to its ransomware features, Svpeng also checks for mobile banking apps on victims' phones, including apps for Bank of America, USAA, Wells Fargo and other U.S. institutions. Researchers believe the data will be used to target customers in future campaigns.

In a Thursday follow-up email, Unuchek told SCMagazine.com that Svpeng would likely be updated to steal bank credentials from U.S. users (as it did in Russia).

“For now, this piece of malware does not steal credentials, but it is only a matter of time, since Svpeng is just a modification of a well-known Trojan that operates in Russia and is used mainly for money stealing,” Unuchek wrote. “Additionally, the Trojan's code contains some mentions of the Cryptor method which was not used yet, so it is likely that soon it will be utilized to encrypt user data and demand a ransom to decrypt it.” More at SC Magazine, with a link to the Kaspersky Blog:
http://www.scmagazine.com/ransomware-svpeng-strikes-us-leaves-android-devices-unusable/article/355530/

Durham NH Police Department Refuses To Pay Ransom

Ransomware overwhelmed the Durham Police Department's computer system Friday, rendering it "dead in the water" after spreading from an opened email attachment.

"My understanding is that all computers at the police department are inoperable until we are able to isolate the virus," Town Admin Todd Selig said Friday afternoon. Selig said a Durham police officer opened what appeared to be a legitimate file attachment sent in an email on Thursday night around 10 p.m.

The virus overtook the department's computer system within hours. Widespread issues were reported within the department's computer system Friday morning. Police Chief David Kurz told Selig that by noon on Friday the department's system was "dead in the water."

The virus managed to bypass the town's spam filters and anti-virus software, creating significant problems for the department, according to Luke Vincent, Durham's manager of information technology.

No cost estimate has been finalized yet, but Selig said the cost could range between $2,000 and $3,000. The event was a reminder for staff and police about how much computers are relied on for everyday business, Selig said. He encouraged residents and area businesses to invest in the latest anti-virus software and be cautious about opening file attachments in emails. Selig also advised abiding by the mantra "When in doubt, throw it out" in an email update about the virus on Friday afternoon.

"Make no mistake, the Town of Durham will be paying no ransom," Selig commented. They must have had good backups. Good for them!

P.F. Chang’s Confirms Credit Card Breach

Nationwide restaurant chain P.F. Chang's Chinese Bistro on Thursday confirmed news first reported on this blog: That customer credit and debit card data had been stolen in a cybercrime attack on its stores. The company had few additional details to share about the breach, other than to say that it would temporarily be switching to a manual credit card imprinting system for all P.F. Chang's restaurants in the United States.

In a statement released to Krebs, P.F. Chang's said it first learned of the breach on June 10, the same day this publication first pointed to evidence that the eatery chain may have been compromised. Their complete statement can be found at the Krebs on Security Blog:
http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

In honor of the FIFA World Cup™ 2014 - here are the World's most talented soccer trick shot heroes:
http://www.flixxy.com/soccer-world-cup-2014-trick-shot-heroes.htm?utm_source=4

5 Goals By Holland Vs Spain with increasingly enthusiastic Dutch commentary. Legendary commentator Jack van Gelder gets more and more excited as the Dutch rack up five goals against the reigning World and European Champion:
http://www.flixxy.com/5-goals-by-holland-vs-spain-with-enthusiastic-dutch-commentary.htm?utm_source=4

Life is Awesome 2014. The awesome and exciting life of animals, skateboarders, wingsuit flyers, dancers, mountain bikers and more.
http://www.flixxy.com/life-is-awesome-2014.htm?utm_source=4

A compilation of some beautiful and exciting flying footage:
http://www.flixxy.com/the-magic-of-flying.htm?utm_source=4

Vittorio Brumotti, a former bike trial World Champion and a 10-times Guinness World Record Holder, does death-defying stunts with his bicycle:
http://www.flixxy.com/road-bicycling-freestyle-in-italy-vittorio-brumotti.htm?utm_source=4

How the Economic Machine Works [Animation] by Ray Dalio. This is actually a VERY instructive 30 minutes, use it for a lunch&learn!:
http://www.economicprinciples.org/

Water Car Panther is the fastest amphibious car in the World - capable of 80 mph (127 km/h) on the road and 44 mph (70 km/h) on water. I want one. (Not sure if the girls are included in the package):
http://www.flixxy.com/worlds-fastest-water-car.htm?utm_source=4

Motorcyclist Cody Elkins takes it up a notch and jumps over an airplane at the 2014 Cameron Air Show in Missouri. This is a cool shot:
http://www.flixxy.com/motorcyclist-jumps-over-flying-airplane.htm?utm_source=4

To achieve zero gravity or weightlessness, the aircraft performs a 'parabolic flight', following a flight pattern which alternates ascents and descents. This video looks at it from the outside:
http://www.flixxy.com/zero-g-reduced-gravity-aircraft.htm?utm_source=nl

A collection of funny cats who like the interaction with vacuum cleaners:
http://www.flixxy.com/cats-who-love-vacuum-cleaners.htm?utm_source=4

Lowrider fighting is a videogame waiting to happen. This is insane:
http://youtu.be/9bZ-x2HWLx0

Volkswagen: Eyes On The Road. Moviegoers in Hong Kong were in for a surprise when Volkswagen showed a clever PSA to demonstrate why texting while driving is not a good idea. Forward to any teenager you know!
http://www.flixxy.com/volkswagen-eyes-on-the-road.htm?utm_source=4
